Attackers, for example, in an advanced persistent threat (APT), commonly perform reconnaissance on a target organization prior to attempted exploitation. Through this reconnaissance, the attackers may identify individuals of interest and/or develop methods of potential access to the target. Targeted individuals can range, for example, from senior leadership to researchers to administrative assistants. The individuals and/or user accounts in an organization that use and/or have access to sensitive data are logically the individuals whose leak and/or loss would cause the most significant negative impact for the organization. It would therefore be advantageous to preemptively identify individuals within the organization that possess particular vulnerability with respect to data usage and/or access.